Route Origin Authorization

$ rpki-client -vvf rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9OI_v4PtgT0UORbrHugAqjg3JxE.roa
File:                     9OI_v4PtgT0UORbrHugAqjg3JxE.roa (raw, json)
Hash identifier:          lbdNiBUqi1yTmbOtdKMK/9vA8VUd2Sy7PUG4FYeUJhw=
Subject key identifier:   F4:E2:3F:BF:83:ED:81:3D:14:39:16:EB:1E:E8:00:AA:38:37:27:11
Certificate issuer:       /CN=f6cb0c8f20843302034f63656ea29ebd6d1163aa
Certificate serial:       018CCA2AFC5A8F8E141B5BC9FE759443B9E2
Authority key identifier: F6:CB:0C:8F:20:84:33:02:03:4F:63:65:6E:A2:9E:BD:6D:11:63:AA
Authority info access:    rsync://rpki.ripe.net/repository/DEFAULT/9ssMjyCEMwIDT2NlbqKevW0RY6o.cer
Subject info access:      rsync://rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9OI_v4PtgT0UORbrHugAqjg3JxE.roa
Signing time:             Tue 02 Jan 2024 12:34:23 +0000
ROA not before:           Tue 02 Jan 2024 12:34:23 +0000
ROA not after:            Tue 01 Jul 2025 00:00:00 +0000
asID:                     39918
IP address blocks:        91.192.179.0/24 maxlen: 24
                          91.192.176.0/24 maxlen: 24
                          91.192.178.0/24 maxlen: 24
                          91.192.177.0/24 maxlen: 24

Validation:               OK
Signature path:           rsync://rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9ssMjyCEMwIDT2NlbqKevW0RY6o.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9ssMjyCEMwIDT2NlbqKevW0RY6o.mft
                          rsync://rpki.ripe.net/repository/DEFAULT/9ssMjyCEMwIDT2NlbqKevW0RY6o.cer
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.crl
                          rsync://rpki.ripe.net/repository/DEFAULT/KpSo3VVK5wEHIJnHC2QHVV3d5mk.mft
                          rsync://rpki.ripe.net/repository/aca/KpSo3VVK5wEHIJnHC2QHVV3d5mk.cer
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.crl
                          rsync://rpki.ripe.net/repository/aca/7DNNDzoYvgAht7joQih2Qayxcxo.mft
                          rsync://rpki.ripe.net/repository/ec334d0f3a18be0021b7b8e842287641acb1731a.cer
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.crl
                          rsync://rpki.ripe.net/repository/ripe-ncc-ta.mft
                          rsync://rpki.ripe.net/ta/ripe-ncc-ta.cer
Signature path expires:   Mon 17 Jun 2024 16:00:49 +0000

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            01:8c:ca:2a:fc:5a:8f:8e:14:1b:5b:c9:fe:75:94:43:b9:e2
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=f6cb0c8f20843302034f63656ea29ebd6d1163aa
        Validity
            Not Before: Jan  2 12:34:23 2024 GMT
            Not After : Jul  1 00:00:00 2025 GMT
        Subject: CN=f4e23fbf83ed813d143916eb1ee800aa38372711
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:86:28:b3:eb:8f:c1:9b:2f:7d:ac:bf:18:a1:a7:
                    3a:cb:3c:01:79:09:cb:76:aa:ba:c7:c3:6b:44:ed:
                    37:d7:15:be:98:e1:d0:65:7d:e7:f1:e5:1f:3d:ad:
                    95:2a:2d:f9:e4:02:e9:70:ce:b8:5a:62:73:8c:71:
                    8c:c8:63:91:f6:6f:12:13:39:ec:09:3a:ab:01:1c:
                    6e:5a:0c:17:7e:58:26:cb:7e:83:76:74:60:43:04:
                    99:1a:43:18:ae:24:94:4d:e7:18:82:bf:b7:29:41:
                    63:23:0e:b5:7e:9a:25:5f:08:32:d0:d8:be:7b:13:
                    b5:5a:ce:18:3c:d7:27:18:cc:5a:68:b3:3c:08:1a:
                    00:00:c4:8a:2f:15:fb:f4:96:44:ad:70:1d:d6:10:
                    af:b8:e0:ac:df:a8:5a:fb:7f:00:1f:45:bf:8a:3f:
                    bb:85:db:17:4b:bb:5b:8d:cc:c6:f1:0a:b7:c1:db:
                    77:57:f4:ca:88:1c:9d:df:22:fd:be:f7:17:4d:26:
                    0b:4f:c9:88:52:65:a5:2c:f6:c6:1c:b8:a8:e0:61:
                    ca:8c:94:ca:a1:dd:85:46:eb:02:89:7b:98:e8:02:
                    2e:d0:28:0b:cd:23:2b:a8:0a:12:50:1a:d2:ba:26:
                    cc:3d:d6:06:25:c9:05:f4:f1:20:bd:9f:3d:12:00:
                    bb:43
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                F4:E2:3F:BF:83:ED:81:3D:14:39:16:EB:1E:E8:00:AA:38:37:27:11
            X509v3 Authority Key Identifier:
                keyid:F6:CB:0C:8F:20:84:33:02:03:4F:63:65:6E:A2:9E:BD:6D:11:63:AA

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.ripe.net/repository/DEFAULT/9ssMjyCEMwIDT2NlbqKevW0RY6o.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9OI_v4PtgT0UORbrHugAqjg3JxE.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki.ripe.net/repository/DEFAULT/0e/984844-3eb4-4232-9385-2af3d62be7f2/1/9ssMjyCEMwIDT2NlbqKevW0RY6o.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  91.192.176.0/22

    Signature Algorithm: sha256WithRSAEncryption
         08:a1:3f:2c:1a:f8:d3:41:f5:69:21:5c:2d:c6:00:a7:95:8c:
         43:f4:36:28:86:8c:94:0f:36:7c:bc:29:8e:8f:4f:a3:37:62:
         a5:97:bc:0b:6f:5f:33:c7:b1:6d:cf:71:91:a8:b6:97:9e:5f:
         d1:ca:ed:90:9d:ac:79:b5:d1:b0:a3:8f:05:9c:a0:9c:ae:6b:
         4b:01:a8:06:c6:86:91:84:b1:3e:fd:6e:96:17:59:05:64:2e:
         4a:6f:8f:4f:9f:7a:29:ac:9e:d0:58:96:cd:5c:7e:b1:ba:b4:
         23:a9:fe:c8:9d:8f:8e:ab:41:ef:bb:6a:7b:a4:39:f7:09:05:
         42:fd:5c:42:28:f0:70:85:f4:3e:86:d4:a6:89:fe:a6:ac:5e:
         51:8e:1e:b0:5d:26:07:79:6d:39:82:ba:07:96:da:55:5c:48:
         0d:30:c7:83:f0:d7:08:5f:63:db:10:c5:f3:1e:e6:51:63:3a:
         80:56:aa:e6:57:a8:51:25:65:0a:43:b6:32:61:4f:10:c5:32:
         63:ba:29:0e:a8:9f:60:86:fe:6d:77:5b:bf:30:45:1d:a7:93:
         e1:5d:1d:ba:48:0f:92:60:e7:bd:4d:11:6b:a1:be:c8:81:25:
         20:77:ae:a9:3c:c2:cb:36:cb:a9:25:a1:df:42:68:63:82:9c:
         f1:3f:d4:d6
-----BEGIN CERTIFICATE-----
MIIE/TCCA+WgAwIBAgISAYzKKvxaj44UG1vJ/nWUQ7niMA0GCSqGSIb3DQEBCwUA
MDMxMTAvBgNVBAMTKGY2Y2IwYzhmMjA4NDMzMDIwMzRmNjM2NTZlYTI5ZWJkNmQx
MTYzYWEwHhcNMjQwMTAyMTIzNDIzWhcNMjUwNzAxMDAwMDAwWjAzMTEwLwYDVQQD
EyhmNGUyM2ZiZjgzZWQ4MTNkMTQzOTE2ZWIxZWU4MDBhYTM4MzcyNzExMIIBIjAN
BgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAhiiz64/Bmy99rL8Yoac6yzwBeQnL
dqq6x8NrRO031xW+mOHQZX3n8eUfPa2VKi355ALpcM64WmJzjHGMyGOR9m8SEzns
CTqrARxuWgwXflgmy36DdnRgQwSZGkMYriSUTecYgr+3KUFjIw61fpolXwgy0Ni+
exO1Ws4YPNcnGMxaaLM8CBoAAMSKLxX79JZErXAd1hCvuOCs36ha+38AH0W/ij+7
hdsXS7tbjczG8Qq3wdt3V/TKiByd3yL9vvcXTSYLT8mIUmWlLPbGHLio4GHKjJTK
od2FRusCiXuY6AIu0CgLzSMrqAoSUBrSuibMPdYGJckF9PEgvZ89EgC7QwIDAQAB
o4ICCTCCAgUwHQYDVR0OBBYEFPTiP7+D7YE9FDkW6x7oAKo4NycRMB8GA1UdIwQY
MBaAFPbLDI8ghDMCA09jZW6inr1tEWOqMA4GA1UdDwEB/wQEAwIHgDBkBggrBgEF
BQcBAQRYMFYwVAYIKwYBBQUHMAKGSHJzeW5jOi8vcnBraS5yaXBlLm5ldC9yZXBv
c2l0b3J5L0RFRkFVTFQvOXNzTWp5Q0VNd0lEVDJObGJxS2V2VzBSWTZvLmNlcjCB
jQYIKwYBBQUHAQsEgYAwfjB8BggrBgEFBQcwC4ZwcnN5bmM6Ly9ycGtpLnJpcGUu
bmV0L3JlcG9zaXRvcnkvREVGQVVMVC8wZS85ODQ4NDQtM2ViNC00MjMyLTkzODUt
MmFmM2Q2MmJlN2YyLzEvOU9JX3Y0UHRnVDBVT1Jickh1Z0FxamczSnhFLnJvYTCB
gQYDVR0fBHoweDB2oHSgcoZwcnN5bmM6Ly9ycGtpLnJpcGUubmV0L3JlcG9zaXRv
cnkvREVGQVVMVC8wZS85ODQ4NDQtM2ViNC00MjMyLTkzODUtMmFmM2Q2MmJlN2Yy
LzEvOXNzTWp5Q0VNd0lEVDJObGJxS2V2VzBSWTZvLmNybDAYBgNVHSABAf8EDjAM
MAoGCCsGAQUFBw4CMB8GCCsGAQUFBwEHAQH/BBAwDjAMBAIAATAGAwQCW8CwMA0G
CSqGSIb3DQEBCwUAA4IBAQAIoT8sGvjTQfVpIVwtxgCnlYxD9DYohoyUDzZ8vCmO
j0+jN2Kll7wLb18zx7Ftz3GRqLaXnl/Ryu2Qnax5tdGwo48FnKCcrmtLAagGxoaR
hLE+/W6WF1kFZC5Kb49Pn3oprJ7QWJbNXH6xurQjqf7InY+Oq0Hvu2p7pDn3CQVC
/VxCKPBwhfQ+htSmif6mrF5Rjh6wXSYHeW05groHltpVXEgNMMeD8NcIX2PbEMXz
HuZRYzqAVqrmV6hRJWUKQ7YyYU8QxTJjuikOqJ9ghv5td1u/MEUdp5PhXR26SA+S
YOe9TRFrob7IgSUgd66pPMLLNsupJaHfQmhjgpzxP9TW
-----END CERTIFICATE-----
Generated at Sun Jun 16 21:37:20 2024 by rpki-client on console-fra.rpki-client.org